forked from baron/baron-sso
devfront e2e 테스트 시나리오 보강
This commit is contained in:
108
devfront/tests/devfront-audit.spec.ts
Normal file
108
devfront/tests/devfront-audit.spec.ts
Normal file
@@ -0,0 +1,108 @@
|
|||||||
|
import { expect, test } from "@playwright/test";
|
||||||
|
import {
|
||||||
|
installDevApiMock,
|
||||||
|
makeClient,
|
||||||
|
seedAuth,
|
||||||
|
type AuditLog,
|
||||||
|
type Consent,
|
||||||
|
} from "./helpers/devfront-fixtures";
|
||||||
|
|
||||||
|
test.describe("DevFront audit logs", () => {
|
||||||
|
test.beforeEach(async ({ page }) => {
|
||||||
|
page.on("dialog", async (dialog) => {
|
||||||
|
await dialog.accept();
|
||||||
|
});
|
||||||
|
await seedAuth(page);
|
||||||
|
});
|
||||||
|
|
||||||
|
test("filtering and cursor pagination", async ({ page }) => {
|
||||||
|
const state = {
|
||||||
|
clients: [makeClient("client-audit", { name: "Audit app" })],
|
||||||
|
consents: [] as Consent[],
|
||||||
|
auditLogsByCursor: {
|
||||||
|
"": {
|
||||||
|
items: [
|
||||||
|
{
|
||||||
|
event_id: "evt-1",
|
||||||
|
timestamp: "2026-03-03T09:00:00.000Z",
|
||||||
|
user_id: "actor-a",
|
||||||
|
event_type: "CLIENT_UPDATE",
|
||||||
|
status: "success",
|
||||||
|
ip_address: "127.0.0.1",
|
||||||
|
user_agent: "playwright",
|
||||||
|
details: JSON.stringify({
|
||||||
|
action: "UPDATE_CLIENT",
|
||||||
|
target_id: "client-audit",
|
||||||
|
tenant_id: "tenant-a",
|
||||||
|
}),
|
||||||
|
},
|
||||||
|
],
|
||||||
|
next_cursor: "cursor-2",
|
||||||
|
},
|
||||||
|
"cursor-2": {
|
||||||
|
items: [
|
||||||
|
{
|
||||||
|
event_id: "evt-2",
|
||||||
|
timestamp: "2026-03-03T09:01:00.000Z",
|
||||||
|
user_id: "actor-b",
|
||||||
|
event_type: "CLIENT_ROTATE_SECRET",
|
||||||
|
status: "success",
|
||||||
|
ip_address: "127.0.0.1",
|
||||||
|
user_agent: "playwright",
|
||||||
|
details: JSON.stringify({
|
||||||
|
action: "ROTATE_SECRET",
|
||||||
|
target_id: "client-audit",
|
||||||
|
tenant_id: "tenant-a",
|
||||||
|
}),
|
||||||
|
},
|
||||||
|
],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
await installDevApiMock(page, state);
|
||||||
|
|
||||||
|
await page.goto("/audit-logs");
|
||||||
|
await expect(page.getByText("UPDATE_CLIENT")).toBeVisible();
|
||||||
|
|
||||||
|
await page
|
||||||
|
.getByPlaceholder(/Client ID로 필터|Filter by Client ID/i)
|
||||||
|
.fill("client-audit");
|
||||||
|
await page
|
||||||
|
.getByPlaceholder(/액션으로 필터|Filter by Action/i)
|
||||||
|
.fill("ROTATE_SECRET");
|
||||||
|
|
||||||
|
await page.getByRole("button", { name: /더 보기|Load more/i }).click();
|
||||||
|
await expect(page.getByText("ROTATE_SECRET")).toBeVisible();
|
||||||
|
});
|
||||||
|
|
||||||
|
test("realtime create/update actions should be visible", async ({ page }) => {
|
||||||
|
const state = {
|
||||||
|
clients: [makeClient("client-realtime", { name: "Realtime app" })],
|
||||||
|
consents: [] as Consent[],
|
||||||
|
auditLogs: [] as AuditLog[],
|
||||||
|
auditLogsByCursor: undefined,
|
||||||
|
};
|
||||||
|
await installDevApiMock(page, state);
|
||||||
|
|
||||||
|
await page.goto("/clients/new");
|
||||||
|
await page.getByPlaceholder("My Awesome Application").fill("Realtime New App");
|
||||||
|
await page
|
||||||
|
.getByPlaceholder(/https:\/\/app\.example\.com\/callback/i)
|
||||||
|
.fill("https://realtime.example.com/callback");
|
||||||
|
await page.getByRole("button", { name: /앱 생성|Create/i }).click();
|
||||||
|
await expect.poll(() => state.auditLogs.length).toBeGreaterThanOrEqual(1);
|
||||||
|
|
||||||
|
await page.goto("/clients/client-realtime/settings");
|
||||||
|
await page.getByPlaceholder("My Awesome Application").fill("Realtime Updated");
|
||||||
|
await page.getByRole("button", { name: /^저장$|^Save$/i }).click();
|
||||||
|
await expect.poll(() => state.auditLogs.length).toBeGreaterThanOrEqual(2);
|
||||||
|
|
||||||
|
await page.goto("/audit-logs");
|
||||||
|
await expect(page.getByText("CREATE_CLIENT")).toBeVisible({
|
||||||
|
timeout: 30000,
|
||||||
|
});
|
||||||
|
await expect(page.getByText("UPDATE_CLIENT")).toBeVisible({
|
||||||
|
timeout: 30000,
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
121
devfront/tests/devfront-clients-lifecycle.spec.ts
Normal file
121
devfront/tests/devfront-clients-lifecycle.spec.ts
Normal file
@@ -0,0 +1,121 @@
|
|||||||
|
import { expect, test } from "@playwright/test";
|
||||||
|
import {
|
||||||
|
installDevApiMock,
|
||||||
|
makeClient,
|
||||||
|
seedAuth,
|
||||||
|
type ClientStatus,
|
||||||
|
type Consent,
|
||||||
|
} from "./helpers/devfront-fixtures";
|
||||||
|
|
||||||
|
test.describe("DevFront clients lifecycle", () => {
|
||||||
|
test.beforeEach(async ({ page }) => {
|
||||||
|
page.on("dialog", async (dialog) => {
|
||||||
|
await dialog.accept();
|
||||||
|
});
|
||||||
|
await seedAuth(page);
|
||||||
|
});
|
||||||
|
|
||||||
|
test("create, update status, and delete", async ({ page }) => {
|
||||||
|
const state = {
|
||||||
|
clients: [makeClient("existing-client", { name: "Existing app" })],
|
||||||
|
consents: [] as Consent[],
|
||||||
|
updatedStatus: "active" as ClientStatus,
|
||||||
|
auditLogsByCursor: undefined,
|
||||||
|
onUpdateStatus(status: ClientStatus) {
|
||||||
|
this.updatedStatus = status;
|
||||||
|
},
|
||||||
|
};
|
||||||
|
await installDevApiMock(page, state);
|
||||||
|
|
||||||
|
await page.goto("/clients");
|
||||||
|
await expect(page.getByText("Existing app")).toBeVisible();
|
||||||
|
|
||||||
|
await page
|
||||||
|
.getByRole("button", { name: /연동 앱 추가|새 클라이언트|Create/i })
|
||||||
|
.click();
|
||||||
|
await expect(page).toHaveURL(/\/clients\/new$/);
|
||||||
|
|
||||||
|
await page
|
||||||
|
.getByPlaceholder("My Awesome Application")
|
||||||
|
.fill("Playwright Created App");
|
||||||
|
await page
|
||||||
|
.getByPlaceholder(/https:\/\/app\.example\.com\/callback/i)
|
||||||
|
.fill("https://playwright.example.com/callback");
|
||||||
|
await page
|
||||||
|
.getByRole("button", { name: /앱 생성|클라이언트 생성|Create/i })
|
||||||
|
.click();
|
||||||
|
|
||||||
|
await expect(page).toHaveURL(/\/clients\/client-2\/settings$/);
|
||||||
|
await expect(
|
||||||
|
page.getByRole("heading", {
|
||||||
|
name: /연동 앱 설정|클라이언트 설정|Client Settings/i,
|
||||||
|
}),
|
||||||
|
).toBeVisible();
|
||||||
|
|
||||||
|
await page.getByRole("button", { name: /비활성|Inactive/i }).click();
|
||||||
|
await page.getByRole("button", { name: /^저장$|^Save$/i }).click();
|
||||||
|
await expect.poll(() => state.updatedStatus).toBe("inactive");
|
||||||
|
|
||||||
|
await page.getByRole("button", { name: /삭제|Delete/i }).click();
|
||||||
|
await expect(page).toHaveURL(/\/clients$/);
|
||||||
|
await expect(page.getByText("Playwright Created App")).not.toBeVisible();
|
||||||
|
});
|
||||||
|
|
||||||
|
test("rotate secret shows new value", async ({ page }) => {
|
||||||
|
let rotatedSecret = "";
|
||||||
|
const state = {
|
||||||
|
clients: [makeClient("client-rotate", { name: "Rotate app" })],
|
||||||
|
consents: [] as Consent[],
|
||||||
|
auditLogsByCursor: undefined,
|
||||||
|
onRotateSecret(newSecret: string) {
|
||||||
|
rotatedSecret = newSecret;
|
||||||
|
},
|
||||||
|
};
|
||||||
|
await installDevApiMock(page, state);
|
||||||
|
|
||||||
|
await page.goto("/clients/client-rotate");
|
||||||
|
await expect(
|
||||||
|
page.getByRole("heading", { name: "Rotate app", exact: true }),
|
||||||
|
).toBeVisible();
|
||||||
|
|
||||||
|
await page.getByTitle(/비밀키 재발급|Rotate/i).click();
|
||||||
|
await expect.poll(() => rotatedSecret).toBe("client-rotate-rotated-secret");
|
||||||
|
await expect(page.getByText("client-rotate-rotated-secret")).toBeVisible();
|
||||||
|
});
|
||||||
|
|
||||||
|
test("update name and redirect URI should be persisted", async ({ page }) => {
|
||||||
|
const state = {
|
||||||
|
clients: [
|
||||||
|
makeClient("client-edit", {
|
||||||
|
name: "Before Name",
|
||||||
|
redirectUris: ["https://before.example.com/callback"],
|
||||||
|
}),
|
||||||
|
],
|
||||||
|
consents: [] as Consent[],
|
||||||
|
auditLogsByCursor: undefined,
|
||||||
|
};
|
||||||
|
await installDevApiMock(page, state);
|
||||||
|
|
||||||
|
await page.goto("/clients/client-edit/settings");
|
||||||
|
await page.getByPlaceholder("My Awesome Application").fill("After Name");
|
||||||
|
await page.getByRole("button", { name: /^저장$|^Save$/i }).click();
|
||||||
|
await expect.poll(() => state.clients[0]?.name).toBe("After Name");
|
||||||
|
|
||||||
|
await page.goto("/clients/client-edit");
|
||||||
|
await page
|
||||||
|
.getByRole("textbox", { name: /인증 콜백 URL|Callback/i })
|
||||||
|
.fill("https://after.example.com/callback");
|
||||||
|
await page
|
||||||
|
.getByRole("button", { name: /Redirect URIs 저장|Save/i })
|
||||||
|
.click();
|
||||||
|
|
||||||
|
await expect.poll(() => state.clients[0]?.redirectUris[0]).toBe(
|
||||||
|
"https://after.example.com/callback",
|
||||||
|
);
|
||||||
|
|
||||||
|
await page.reload();
|
||||||
|
await expect(
|
||||||
|
page.getByRole("textbox", { name: /인증 콜백 URL|Callback/i }),
|
||||||
|
).toHaveValue(/https:\/\/after\.example\.com\/callback/);
|
||||||
|
});
|
||||||
|
});
|
||||||
45
devfront/tests/devfront-consents.spec.ts
Normal file
45
devfront/tests/devfront-consents.spec.ts
Normal file
@@ -0,0 +1,45 @@
|
|||||||
|
import { expect, test } from "@playwright/test";
|
||||||
|
import {
|
||||||
|
installDevApiMock,
|
||||||
|
makeClient,
|
||||||
|
seedAuth,
|
||||||
|
type Consent,
|
||||||
|
} from "./helpers/devfront-fixtures";
|
||||||
|
|
||||||
|
test.describe("DevFront consents", () => {
|
||||||
|
test.beforeEach(async ({ page }) => {
|
||||||
|
page.on("dialog", async (dialog) => {
|
||||||
|
await dialog.accept();
|
||||||
|
});
|
||||||
|
await seedAuth(page);
|
||||||
|
});
|
||||||
|
|
||||||
|
test("consent list and revoke flow", async ({ page }) => {
|
||||||
|
const state = {
|
||||||
|
clients: [makeClient("client-consent", { name: "Consent app" })],
|
||||||
|
consents: [
|
||||||
|
{
|
||||||
|
subject: "user-1",
|
||||||
|
userName: "Alice",
|
||||||
|
clientId: "client-consent",
|
||||||
|
clientName: "Consent app",
|
||||||
|
grantedScopes: ["openid", "profile"],
|
||||||
|
authenticatedAt: "2026-03-03T08:00:00.000Z",
|
||||||
|
createdAt: "2026-03-02T08:00:00.000Z",
|
||||||
|
status: "active",
|
||||||
|
tenantId: "tenant-a",
|
||||||
|
tenantName: "Tenant A",
|
||||||
|
},
|
||||||
|
] as Consent[],
|
||||||
|
auditLogsByCursor: undefined,
|
||||||
|
};
|
||||||
|
await installDevApiMock(page, state);
|
||||||
|
|
||||||
|
await page.goto("/clients/client-consent/consents");
|
||||||
|
await expect(page.getByText("Alice")).toBeVisible();
|
||||||
|
await expect(page.getByText("Tenant A")).toBeVisible();
|
||||||
|
|
||||||
|
await page.getByRole("button", { name: /권한 철회|Revoke/i }).click();
|
||||||
|
await expect(page.getByText(/Revoked|철회/i).first()).toBeVisible();
|
||||||
|
});
|
||||||
|
});
|
||||||
50
devfront/tests/devfront-security.spec.ts
Normal file
50
devfront/tests/devfront-security.spec.ts
Normal file
@@ -0,0 +1,50 @@
|
|||||||
|
import { expect, test } from "@playwright/test";
|
||||||
|
import {
|
||||||
|
installDevApiMock,
|
||||||
|
makeClient,
|
||||||
|
seedAuth,
|
||||||
|
type Consent,
|
||||||
|
} from "./helpers/devfront-fixtures";
|
||||||
|
|
||||||
|
test.describe("DevFront security and isolation", () => {
|
||||||
|
test.beforeEach(async ({ page }) => {
|
||||||
|
page.on("dialog", async (dialog) => {
|
||||||
|
await dialog.accept();
|
||||||
|
});
|
||||||
|
await seedAuth(page);
|
||||||
|
});
|
||||||
|
|
||||||
|
test("tenant isolation: forbidden client shows blocked error", async ({
|
||||||
|
page,
|
||||||
|
}) => {
|
||||||
|
const state = {
|
||||||
|
clients: [makeClient("tenant-a-client", { name: "Tenant A app" })],
|
||||||
|
consents: [] as Consent[],
|
||||||
|
auditLogsByCursor: undefined,
|
||||||
|
};
|
||||||
|
await installDevApiMock(page, state);
|
||||||
|
|
||||||
|
await page.goto("/clients/tenant-b-client");
|
||||||
|
await expect(page.getByText(/Error loading client|조회/i)).toBeVisible();
|
||||||
|
});
|
||||||
|
|
||||||
|
test("RBAC: non-AppManager user should not see private apps", async ({
|
||||||
|
page,
|
||||||
|
}) => {
|
||||||
|
const state = {
|
||||||
|
clients: [
|
||||||
|
makeClient("pkce-client", {
|
||||||
|
name: "PKCE only app",
|
||||||
|
type: "pkce",
|
||||||
|
}),
|
||||||
|
],
|
||||||
|
consents: [] as Consent[],
|
||||||
|
auditLogsByCursor: undefined,
|
||||||
|
};
|
||||||
|
await installDevApiMock(page, state);
|
||||||
|
|
||||||
|
await page.goto("/clients");
|
||||||
|
await expect(page.getByText("PKCE only app")).toBeVisible();
|
||||||
|
await expect(page.getByText("Server side App")).not.toBeVisible();
|
||||||
|
});
|
||||||
|
});
|
||||||
362
devfront/tests/helpers/devfront-fixtures.ts
Normal file
362
devfront/tests/helpers/devfront-fixtures.ts
Normal file
@@ -0,0 +1,362 @@
|
|||||||
|
import type { Page, Route } from "@playwright/test";
|
||||||
|
|
||||||
|
export type ClientStatus = "active" | "inactive";
|
||||||
|
export type ClientType = "private" | "pkce";
|
||||||
|
|
||||||
|
export type Client = {
|
||||||
|
id: string;
|
||||||
|
name: string;
|
||||||
|
type: ClientType;
|
||||||
|
status: ClientStatus;
|
||||||
|
redirectUris: string[];
|
||||||
|
scopes: string[];
|
||||||
|
createdAt: string;
|
||||||
|
clientSecret?: string;
|
||||||
|
metadata?: Record<string, unknown>;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type Consent = {
|
||||||
|
subject: string;
|
||||||
|
userName: string;
|
||||||
|
clientId: string;
|
||||||
|
clientName: string;
|
||||||
|
grantedScopes: string[];
|
||||||
|
authenticatedAt?: string;
|
||||||
|
createdAt: string;
|
||||||
|
deletedAt?: string;
|
||||||
|
status: "active" | "revoked";
|
||||||
|
tenantId: string;
|
||||||
|
tenantName: string;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type AuditLog = {
|
||||||
|
event_id: string;
|
||||||
|
timestamp: string;
|
||||||
|
user_id: string;
|
||||||
|
event_type: string;
|
||||||
|
status: "success" | "failure";
|
||||||
|
ip_address: string;
|
||||||
|
user_agent: string;
|
||||||
|
details: string;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type DevApiMockState = {
|
||||||
|
clients: Client[];
|
||||||
|
consents: Consent[];
|
||||||
|
auditLogsByCursor?: Record<string, { items: AuditLog[]; next_cursor?: string }>;
|
||||||
|
auditLogs?: AuditLog[];
|
||||||
|
onUpdateStatus?: (status: ClientStatus) => void;
|
||||||
|
onRotateSecret?: (newSecret: string) => void;
|
||||||
|
};
|
||||||
|
|
||||||
|
export function makeClient(id: string, overrides: Partial<Client> = {}): Client {
|
||||||
|
return {
|
||||||
|
id,
|
||||||
|
name: `${id} app`,
|
||||||
|
type: "private",
|
||||||
|
status: "active",
|
||||||
|
redirectUris: [`https://${id}.example.com/callback`],
|
||||||
|
scopes: ["openid", "profile", "email"],
|
||||||
|
createdAt: "2026-03-03T00:00:00.000Z",
|
||||||
|
clientSecret: `${id}-secret`,
|
||||||
|
metadata: {},
|
||||||
|
...overrides,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
export async function seedAuth(page: Page) {
|
||||||
|
const nowInSeconds = Math.floor(Date.now() / 1000);
|
||||||
|
|
||||||
|
await page.addInitScript((issuedAt) => {
|
||||||
|
const mockOidcUser = {
|
||||||
|
id_token: "playwright-id-token",
|
||||||
|
session_state: "playwright-session",
|
||||||
|
access_token: "playwright-access-token",
|
||||||
|
refresh_token: "playwright-refresh-token",
|
||||||
|
token_type: "Bearer",
|
||||||
|
scope: "openid profile email",
|
||||||
|
profile: {
|
||||||
|
sub: "playwright-user",
|
||||||
|
email: "playwright@example.com",
|
||||||
|
name: "Playwright User",
|
||||||
|
},
|
||||||
|
expires_at: issuedAt + 3600,
|
||||||
|
};
|
||||||
|
|
||||||
|
window.localStorage.setItem(
|
||||||
|
"oidc.user:http://localhost:5000/oidc:devfront",
|
||||||
|
JSON.stringify(mockOidcUser),
|
||||||
|
);
|
||||||
|
window.localStorage.setItem(
|
||||||
|
"oidc.user:http://localhost:5000/oidc/:devfront",
|
||||||
|
JSON.stringify(mockOidcUser),
|
||||||
|
);
|
||||||
|
window.localStorage.setItem("dev_tenant_id", "tenant-a");
|
||||||
|
}, nowInSeconds);
|
||||||
|
}
|
||||||
|
|
||||||
|
function json(route: Route, payload: unknown, status = 200) {
|
||||||
|
return route.fulfill({
|
||||||
|
status,
|
||||||
|
contentType: "application/json",
|
||||||
|
body: JSON.stringify(payload),
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function parseClientId(pathname: string): string {
|
||||||
|
const parts = pathname.split("/").filter(Boolean);
|
||||||
|
return parts[parts.length - 1] ?? "";
|
||||||
|
}
|
||||||
|
|
||||||
|
export async function installDevApiMock(page: Page, state: DevApiMockState) {
|
||||||
|
const appendAuditLog = (
|
||||||
|
eventType: string,
|
||||||
|
action: string,
|
||||||
|
targetId: string,
|
||||||
|
status: "success" | "failure" = "success",
|
||||||
|
) => {
|
||||||
|
if (!state.auditLogs) return;
|
||||||
|
state.auditLogs.unshift({
|
||||||
|
event_id: `evt-${Date.now()}-${Math.random().toString(16).slice(2, 8)}`,
|
||||||
|
timestamp: new Date().toISOString(),
|
||||||
|
user_id: "playwright-user",
|
||||||
|
event_type: eventType,
|
||||||
|
status,
|
||||||
|
ip_address: "127.0.0.1",
|
||||||
|
user_agent: "playwright",
|
||||||
|
details: JSON.stringify({
|
||||||
|
action,
|
||||||
|
target_id: targetId,
|
||||||
|
tenant_id: "tenant-a",
|
||||||
|
}),
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
await page.route("**/api/v1/dev/**", async (route) => {
|
||||||
|
const request = route.request();
|
||||||
|
const url = new URL(request.url());
|
||||||
|
const { pathname, searchParams } = url;
|
||||||
|
const method = request.method();
|
||||||
|
|
||||||
|
if (pathname === "/api/v1/dev/stats" && method === "GET") {
|
||||||
|
const total = state.clients.length;
|
||||||
|
return json(route, {
|
||||||
|
total_clients: total,
|
||||||
|
active_sessions: Math.max(1, total),
|
||||||
|
auth_failures_24h: 0,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pathname === "/api/v1/dev/clients" && method === "GET") {
|
||||||
|
return json(route, {
|
||||||
|
items: state.clients.map((client) => ({
|
||||||
|
id: client.id,
|
||||||
|
name: client.name,
|
||||||
|
type: client.type,
|
||||||
|
status: client.status,
|
||||||
|
createdAt: client.createdAt,
|
||||||
|
redirectUris: client.redirectUris,
|
||||||
|
scopes: client.scopes,
|
||||||
|
})),
|
||||||
|
limit: 50,
|
||||||
|
offset: 0,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pathname === "/api/v1/dev/clients" && method === "POST") {
|
||||||
|
const payload = (request.postDataJSON() as {
|
||||||
|
name?: string;
|
||||||
|
type?: ClientType;
|
||||||
|
status?: ClientStatus;
|
||||||
|
redirectUris?: string[];
|
||||||
|
scopes?: string[];
|
||||||
|
metadata?: Record<string, unknown>;
|
||||||
|
}) || { name: "created app" };
|
||||||
|
|
||||||
|
const created = makeClient(`client-${state.clients.length + 1}`, {
|
||||||
|
name: payload.name ?? "created app",
|
||||||
|
type: payload.type ?? "private",
|
||||||
|
status: payload.status ?? "active",
|
||||||
|
redirectUris: payload.redirectUris ?? [],
|
||||||
|
scopes: payload.scopes ?? ["openid"],
|
||||||
|
metadata: payload.metadata ?? {},
|
||||||
|
});
|
||||||
|
|
||||||
|
state.clients.push(created);
|
||||||
|
appendAuditLog("CLIENT_CREATE", "CREATE_CLIENT", created.id);
|
||||||
|
return json(route, {
|
||||||
|
client: created,
|
||||||
|
endpoints: {
|
||||||
|
discovery: "https://issuer/.well-known/openid-configuration",
|
||||||
|
issuer: "https://issuer",
|
||||||
|
authorization: "https://issuer/oauth2/auth",
|
||||||
|
token: "https://issuer/oauth2/token",
|
||||||
|
userinfo: "https://issuer/userinfo",
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (
|
||||||
|
pathname.startsWith("/api/v1/dev/clients/") &&
|
||||||
|
pathname.endsWith("/status") &&
|
||||||
|
method === "PATCH"
|
||||||
|
) {
|
||||||
|
const clientId = pathname.split("/")[5] ?? "";
|
||||||
|
const payload = request.postDataJSON() as { status: ClientStatus };
|
||||||
|
const found = state.clients.find((client) => client.id === clientId);
|
||||||
|
if (!found) return json(route, { error: "not found" }, 404);
|
||||||
|
found.status = payload.status;
|
||||||
|
appendAuditLog("CLIENT_UPDATE_STATUS", "UPDATE_CLIENT_STATUS", clientId);
|
||||||
|
state.onUpdateStatus?.(payload.status);
|
||||||
|
return json(route, {
|
||||||
|
client: found,
|
||||||
|
endpoints: {
|
||||||
|
discovery: "https://issuer/.well-known/openid-configuration",
|
||||||
|
issuer: "https://issuer",
|
||||||
|
authorization: "https://issuer/oauth2/auth",
|
||||||
|
token: "https://issuer/oauth2/token",
|
||||||
|
userinfo: "https://issuer/userinfo",
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (
|
||||||
|
pathname.startsWith("/api/v1/dev/clients/") &&
|
||||||
|
pathname.endsWith("/secret/rotate") &&
|
||||||
|
method === "POST"
|
||||||
|
) {
|
||||||
|
const clientId = pathname.split("/")[5] ?? "";
|
||||||
|
const found = state.clients.find((client) => client.id === clientId);
|
||||||
|
if (!found) return json(route, { error: "not found" }, 404);
|
||||||
|
found.clientSecret = `${clientId}-rotated-secret`;
|
||||||
|
appendAuditLog("CLIENT_ROTATE_SECRET", "ROTATE_SECRET", clientId);
|
||||||
|
state.onRotateSecret?.(found.clientSecret);
|
||||||
|
return json(route, {
|
||||||
|
client: found,
|
||||||
|
endpoints: {
|
||||||
|
discovery: "https://issuer/.well-known/openid-configuration",
|
||||||
|
issuer: "https://issuer",
|
||||||
|
authorization: "https://issuer/oauth2/auth",
|
||||||
|
token: "https://issuer/oauth2/token",
|
||||||
|
userinfo: "https://issuer/userinfo",
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pathname.startsWith("/api/v1/dev/clients/") && method === "PUT") {
|
||||||
|
const clientId = parseClientId(pathname);
|
||||||
|
const payload = (request.postDataJSON() as {
|
||||||
|
name?: string;
|
||||||
|
type?: ClientType;
|
||||||
|
scopes?: string[];
|
||||||
|
redirectUris?: string[];
|
||||||
|
metadata?: Record<string, unknown>;
|
||||||
|
}) || { name: "updated app" };
|
||||||
|
const found = state.clients.find((client) => client.id === clientId);
|
||||||
|
if (!found) return json(route, { error: "not found" }, 404);
|
||||||
|
if (payload.name) found.name = payload.name;
|
||||||
|
if (payload.type) found.type = payload.type;
|
||||||
|
if (payload.scopes) found.scopes = payload.scopes;
|
||||||
|
if (payload.redirectUris) found.redirectUris = payload.redirectUris;
|
||||||
|
if (payload.metadata) found.metadata = payload.metadata;
|
||||||
|
appendAuditLog("CLIENT_UPDATE", "UPDATE_CLIENT", clientId);
|
||||||
|
return json(route, {
|
||||||
|
client: found,
|
||||||
|
endpoints: {
|
||||||
|
discovery: "https://issuer/.well-known/openid-configuration",
|
||||||
|
issuer: "https://issuer",
|
||||||
|
authorization: "https://issuer/oauth2/auth",
|
||||||
|
token: "https://issuer/oauth2/token",
|
||||||
|
userinfo: "https://issuer/userinfo",
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pathname.startsWith("/api/v1/dev/clients/") && method === "DELETE") {
|
||||||
|
const clientId = parseClientId(pathname);
|
||||||
|
state.clients = state.clients.filter((client) => client.id !== clientId);
|
||||||
|
appendAuditLog("CLIENT_DELETE", "DELETE_CLIENT", clientId);
|
||||||
|
return route.fulfill({ status: 204 });
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pathname.startsWith("/api/v1/dev/clients/") && method === "GET") {
|
||||||
|
const clientId = parseClientId(pathname);
|
||||||
|
const found = state.clients.find((client) => client.id === clientId);
|
||||||
|
if (!found) return json(route, { error: "forbidden" }, 403);
|
||||||
|
return json(route, {
|
||||||
|
client: found,
|
||||||
|
endpoints: {
|
||||||
|
discovery: "https://issuer/.well-known/openid-configuration",
|
||||||
|
issuer: "https://issuer",
|
||||||
|
authorization: "https://issuer/oauth2/auth",
|
||||||
|
token: "https://issuer/oauth2/token",
|
||||||
|
userinfo: "https://issuer/userinfo",
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pathname === "/api/v1/dev/consents" && method === "GET") {
|
||||||
|
const subject = searchParams.get("subject") || "";
|
||||||
|
const clientId = searchParams.get("client_id") || "";
|
||||||
|
const status = searchParams.get("status") || "";
|
||||||
|
const items = state.consents.filter((row) => {
|
||||||
|
const matchesSubject =
|
||||||
|
!subject || row.subject.includes(subject) || row.userName.includes(subject);
|
||||||
|
const matchesClientId = !clientId || row.clientId === clientId;
|
||||||
|
const matchesStatus = !status || row.status === status;
|
||||||
|
return matchesSubject && matchesClientId && matchesStatus;
|
||||||
|
});
|
||||||
|
return json(route, { items });
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pathname === "/api/v1/dev/consents" && method === "DELETE") {
|
||||||
|
const subject = searchParams.get("subject") || "";
|
||||||
|
const clientId = searchParams.get("client_id") || "";
|
||||||
|
const target = state.consents.find(
|
||||||
|
(row) => row.subject === subject && row.clientId === clientId,
|
||||||
|
);
|
||||||
|
if (target) {
|
||||||
|
target.status = "revoked";
|
||||||
|
target.deletedAt = "2026-03-03T10:00:00.000Z";
|
||||||
|
}
|
||||||
|
return route.fulfill({ status: 204 });
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pathname === "/api/v1/dev/audit-logs" && method === "GET") {
|
||||||
|
if (state.auditLogsByCursor) {
|
||||||
|
const cursor = searchParams.get("cursor") || "";
|
||||||
|
const pageSet = state.auditLogsByCursor[cursor] ?? { items: [] };
|
||||||
|
return json(route, {
|
||||||
|
items: pageSet.items,
|
||||||
|
limit: 50,
|
||||||
|
cursor: cursor || undefined,
|
||||||
|
next_cursor: pageSet.next_cursor,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (state.auditLogs) {
|
||||||
|
const action = searchParams.get("action") || "";
|
||||||
|
const clientId = searchParams.get("client_id") || "";
|
||||||
|
const status = searchParams.get("status") || "";
|
||||||
|
const filtered = state.auditLogs.filter((item) => {
|
||||||
|
let parsedDetails: { action?: string; target_id?: string } = {};
|
||||||
|
try {
|
||||||
|
parsedDetails = JSON.parse(item.details) as {
|
||||||
|
action?: string;
|
||||||
|
target_id?: string;
|
||||||
|
};
|
||||||
|
} catch {}
|
||||||
|
const matchesAction = !action || parsedDetails.action === action;
|
||||||
|
const matchesClient = !clientId || parsedDetails.target_id === clientId;
|
||||||
|
const matchesStatus = !status || item.status === status;
|
||||||
|
return matchesAction && matchesClient && matchesStatus;
|
||||||
|
});
|
||||||
|
return json(route, { items: filtered, limit: 50 });
|
||||||
|
}
|
||||||
|
|
||||||
|
return json(route, { items: [], limit: 50 });
|
||||||
|
}
|
||||||
|
|
||||||
|
return json(route, { error: `Unhandled ${method} ${pathname}` }, 404);
|
||||||
|
});
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user